// Builds a SecTrust from the mail.google.com test certificate alone, evaluates it under the
// basic X.509 policy at a pinned verification date, and expects RecoverableTrustFailure.
// NOTE(review): presumably the failure comes from supplying the leaf without its issuer chain - confirm.
public void Basic_Leaf_Only()
{
    var leaf = new X509Certificate(CertificateTest.mail_google_com);
    using (var basicPolicy = SecPolicy.CreateBasicX509Policy())
    using (var trust = new SecTrust(leaf, basicPolicy))
    {
        // that certificate stopped being valid on September 30th, 2013,
        // so it is validated against an earlier date (the tick value is roughly 2013-07-31 UTC)
        var verifyDate = new DateTime(635108745218945450, DateTimeKind.Utc);
        trust.SetVerifyDate(verifyDate);

        // SSL certs are a superset of the basic X509 profile
        SecTrustResult expected = SecTrustResult.RecoverableTrustFailure;

        // Always true here, because 'expected' was assigned the compared value just above;
        // the expression is kept in the form the Evaluate helper (defined elsewhere) is called with.
        bool isRecoverableFailure = expected == SecTrustResult.RecoverableTrustFailure;
        Assert.That(Evaluate(trust, isRecoverableFailure), Is.EqualTo(expected), "Evaluate");

        if (!TestRuntime.CheckXcodeVersion(5, 0))
        {
            return;
        }

        // call GetPolicies without a SetPolicy / SetPolicies
        var currentPolicies = trust.GetPolicies();
        Assert.That(currentPolicies.Length, Is.EqualTo(1), "Policies.Length");

        using (var emptyResponse = new NSData())
        {
            // there is no easy way to obtain a real OCSP response, but the API accepts an empty NSData;
            // this only exercises the call and does not test revocation checking
            trust.SetOCSPResponse(emptyResponse);
        }
    }
}
// Creates a SecTrust for the mail.google.com test certificate under the basic X.509 policy.
// The returned SecTrust is not disposed here; the caller owns it.
SecTrust GetTrust()
{
    var leaf = new X509Certificate(CertificateTest.mail_google_com);
    using (var basicPolicy = SecPolicy.CreateBasicX509Policy())
    {
        // The managed policy wrapper is disposed as soon as this returns.
        // NOTE(review): presumably the trust keeps its own reference to the native policy - confirm.
        return new SecTrust(leaf, basicPolicy);
    }
}
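// Creates an MCSession from a test identity plus the certificates exposed by a SecTrust built
// on that identity's certificate, then checks the session's peer, security identity,
// encryption preference and (empty) connected-peer list.
public void Ctor_Identity_Certificates()
{
    if (!TestRuntime.CheckSystemAndSDKVersion(7, 0))
    {
        Assert.Ignore("requires iOS7+");
    }

    using (var id = IdentityTest.GetIdentity())
    // The policy is now held in its own 'using' so it is disposed with the rest of the test
    // objects; previously it was created inline and never disposed.
    using (var policy = SecPolicy.CreateBasicX509Policy())
    using (var trust = new SecTrust(id.Certificate, policy))
    using (var peer = new MCPeerID("me"))
    {
        // Copy every certificate the trust object exposes through its indexer.
        SecCertificate[] certs = new SecCertificate[trust.Count];
        for (int i = 0; i < trust.Count; i++)
        {
            certs[i] = trust[i];
        }

        // Encryption is requested as Required; the assertion further down checks it is reported back.
        using (var s = new MCSession(peer, id, certs, MCEncryptionPreference.Required))
        {
            // NUnit's AreSame takes (expected, actual); reference identity is symmetric,
            // so only the failure message is affected by the order.
            Assert.AreSame(peer, s.MyPeerID, "MyPeerID");

            // it's a self-signed certificate that's used for the identity
            // so it's not added twice to the collection being returned
            Assert.That(s.SecurityIdentity.Count, Is.EqualTo(1), "SecurityIdentity");
            Assert.That(s.SecurityIdentity.GetItem<SecIdentity>(0).Handle, Is.EqualTo(certs[0].Handle), "SecurityIdentity");
            Assert.That(s.EncryptionPreference, Is.EqualTo(MCEncryptionPreference.Required), "EncryptionPreference");
            Assert.That(s.ConnectedPeers, Is.Empty, "ConnectedPeers");
        }
    }
}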
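// Creates an MCSession from a test identity plus the certificates exposed by a SecTrust built
// on that identity's certificate, then checks the session's peer, security identity,
// encryption preference and (empty) connected-peer list.
public void Ctor_Identity_Certificates()
{
    // Version gates for iOS 7.0 and macOS 10.10; the helper is defined elsewhere.
    TestRuntime.AssertSystemVersion(ApplePlatform.iOS, 7, 0, throwIfOtherPlatform: false);
    TestRuntime.AssertSystemVersion(ApplePlatform.MacOSX, 10, 10, throwIfOtherPlatform: false);

    using (var id = IdentityTest.GetIdentity())
    // The policy is now held in its own 'using' so it is disposed with the rest of the test
    // objects; previously it was created inline and never disposed.
    using (var policy = SecPolicy.CreateBasicX509Policy())
    using (var trust = new SecTrust(id.Certificate, policy))
    using (var peer = new MCPeerID("me"))
    {
        // Copy every certificate the trust object exposes through its indexer.
        SecCertificate[] certs = new SecCertificate[trust.Count];
        for (int i = 0; i < trust.Count; i++)
        {
            certs[i] = trust[i];
        }

        // Encryption is requested as Required; the assertion further down checks it is reported back.
        using (var s = new MCSession(peer, id, certs, MCEncryptionPreference.Required))
        {
            // NUnit's AreSame takes (expected, actual); reference identity is symmetric,
            // so only the failure message is affected by the order.
            Assert.AreSame(peer, s.MyPeerID, "MyPeerID");

            // it's a self-signed certificate that's used for the identity
            // so it's not added twice to the collection being returned
            Assert.That(s.SecurityIdentity.Count, Is.EqualTo((nuint)1), "SecurityIdentity");
            Assert.That(s.SecurityIdentity.GetItem<SecIdentity>(0).Handle, Is.EqualTo(certs[0].Handle), "SecurityIdentity");
            Assert.That(s.EncryptionPreference, Is.EqualTo(MCEncryptionPreference.Required), "EncryptionPreference");
            Assert.That(s.ConnectedPeers, Is.Empty, "ConnectedPeers");
        }
    }
}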
// Encrypts a 20-byte zero buffer with the public key taken from a SecTrust over certificate 'c'
// (a member defined elsewhere), using the overload that returns the ciphertext through an
// out parameter, and checks the status and ciphertext length.
public void Encrypt_New()
{
    using (SecPolicy basicPolicy = SecPolicy.CreateBasicX509Policy())
    using (SecTrust trust = new SecTrust(c, basicPolicy))
    {
        // getting the public key won't (always) work if evaluate was not called;
        // the evaluation result itself is not checked here
        trust.Evaluate();

        using (SecKey publicKey = trust.GetPublicKey())
        {
            byte[] plaintext = new byte[20];
            byte[] ciphertext;

            var status = publicKey.Encrypt(SecPadding.PKCS1, plaintext, out ciphertext);
            Assert.That(status, Is.EqualTo(SecStatusCode.Success), "Encrypt");

            // 128 bytes = 1024 bits; presumably the RSA modulus size of the test certificate - confirm
            Assert.That(ciphertext.Length, Is.EqualTo(128), "secret.Length");
        }
    }
}
// Encrypts a 20-byte zero buffer with the public key taken from a SecTrust over certificate 'c'
// (a member defined elsewhere), using the overload that writes into a caller-supplied buffer.
public void Encrypt_Old()
{
    // the old API was not working but the crash was fixed; you still need to provide
    // an adequately sized buffer
    using (SecPolicy basicPolicy = SecPolicy.CreateBasicX509Policy())
    using (SecTrust trust = new SecTrust(c, basicPolicy))
    {
        // getting the public key won't (always) work if evaluate was not called;
        // the evaluation result itself is not checked here
        trust.Evaluate();

        using (SecKey publicKey = trust.GetPublicKey())
        {
            byte[] plaintext = new byte[20];

            // Output buffer sized from the key's BlockSize, as the note at the top of the method requires.
            byte[] output = new byte[publicKey.BlockSize];

            var status = publicKey.Encrypt(SecPadding.PKCS1, plaintext, output);
            Assert.That(status, Is.EqualTo(SecStatusCode.Success), "Encrypt");
        }
    }
}
// Checks that the basic X.509 policy has a non-null handle with a retain count of 1 and,
// on Xcode 5.0 or later, that its properties dictionary has one entry carrying the expected policy OID.
public void BasicX509Policy()
{
    using (var basicPolicy = SecPolicy.CreateBasicX509Policy())
    {
        Assert.That(basicPolicy.Handle, Is.Not.EqualTo(IntPtr.Zero), "Handle");

        // A retain count of 1 means the managed wrapper holds the only reference at this point.
        Assert.That(CFGetRetainCount(basicPolicy.Handle), Is.EqualTo((nint)1), "RetainCount");

        if (!TestRuntime.CheckXcodeVersion(5, 0))
        {
            return;
        }

        using (var props = basicPolicy.GetProperties())
        {
            Assert.That(props.Handle, Is.Not.EqualTo(IntPtr.Zero), "Properties.Handle");
            Assert.That(CFGetRetainCount(props.Handle), Is.EqualTo((nint)1), "Properties.RetainCount");
            Assert.That(props.Count, Is.EqualTo((nuint)1), "Count");

            // The single property is the policy OID.
            // NOTE(review): presumably Apple's identifier for the basic X.509 policy - confirm.
            string policyOid = props[SecPolicyPropertyKey.Oid].ToString();
            Assert.That(policyOid, Is.EqualTo("1.2.840.113635.100.1.2"), "SecPolicyOid");
        }
    }
}
[Ignore("System.EntryPointNotFoundException: AppleCryptoNative_SecKeychainCreate")] // https://github.com/dotnet/runtime/issues/36897
#endif
// NOTE(review): the #endif above closes a conditional block opened before this excerpt - confirm against the full file.
// Wraps the public key of the farscape test certificate in a SecRecord and checks that the record
// hands back the same key handle, while the certificate and identity accessors throw.
public void KeyRecordTest()
{
    // "farscape" is the passphrase of the embedded PFX test fixture.
    using (var cert = new X509Certificate2(ImportExportTest.farscape_pfx, "farscape"))
    using (var basicPolicy = SecPolicy.CreateBasicX509Policy())
    using (var trust = new SecTrust(cert, basicPolicy))
    {
        // Evaluate before asking for the public key; the evaluation result is not checked here.
        trust.Evaluate();

        using (SecKey publicKey = trust.GetPublicKey())
        using (var record = new SecRecord(publicKey))
        {
            Assert.NotNull(record, "rec is null");

            var key = record.GetKey();
            Assert.That(key.Handle, Is.Not.EqualTo(IntPtr.Zero), "Handle");
            Assert.That(key.Handle, Is.EqualTo(publicKey.Handle), "Same Handle");

            // A record created from a key must refuse to hand out a certificate or an identity.
            Assert.Throws<InvalidOperationException>(() => record.GetCertificate(), "GetCertificate should throw");
            Assert.Throws<InvalidOperationException>(() => record.GetIdentity(), "GetIdentity should throw");
        }
    }
}